Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus and method for secure distribution of data. More particularly, the
present invention relates to an apparatus and method for secure distribution of software, software updates, and
configuration data.

2. Description of Related Art

In today's business environment, data is one of the most valuable resources [...] As a result, businesses must
often be able to maintain data confidentiality, [...] determine the authenticity of data, and closely control
access to data. As used herein, the term "data" [...] instructions in a formalized manner suitable for
communication, interpretation, or processing by human or automatic means, including, but not limited to,
software, software updates, and configuration data.

Data systems commonly consist of many types and sizes of computer systems that are interconnected through
many different electronic data networks. It is now common for an organization to interconnect its data systems
with systems that belong to customers, vendors, and competitors. Larger [...] or they might provide continual
services. [...] purposes to [...]

[...] functions of a Turing Machine, including a microcomputer, minicomputer, or mainframe computer. A Turing
Machine is a well-known computer science concept and is explained in Encyc[...] ISBN 0^8405-321-0, which is
specifically incorporated herein by reference [...] storing data for use by a computer, including electronic, [...]

A combination of elements must work together to achieve a more secure [...] an appraisal of the value of the
data and potential threats to that data [...]

Security functions can be categorized as follows:

* Identification and authentication. Identifies users to the system and provides proof that they are who they claim to be.

* Access control. Determines which users can access which resources.

* Data confidentiality. Protects an organization's sensitive data from unauthorized disclosure.

* Data integrity. Ensures that data is in its original form and that it has not [...]

* Security management. Administers, controls, and reviews a business [...]

* Nonrepudiation. Assures that the message was sent by the appropriate individual.

Cryptography includes a set of techniques for scrambling or disguising [...] who can restore the data to its
original form. In current computer systems, cryptography provides a strong, economical basis for keeping data
confidential and for [...]tation of Secure Systems, by C[...] Meyer and Steph[...] (19eg), is a classic text on
the design and implementation of cry[...] herein by reference.

For commercial business applications, the cryptographic process [...] has been widely adopted. The Data
Encryption Standard (DES), as well as o[...] DEA to encipher data. Federal Information Processing Standards
Pub[...] Meyer & Matyas text. Many other processes for concealing data, such as protection of passwords and
personal identification numbers (PINs), are based on the DES process. The DES algo[...] processes the data. A
DES key is a very small piece of data (56 bits) that is normally [...] is used to transform the original data
(plaintext) to its disguised, en[...] form. Because the DES algorithm is common knowledge, one must [...]
otherwise, someone who has the key that one used to encipher the data [...]agement refers to the procedures
that are used to keep keys secret.

To confirm the integrity of data, one can use the DES algorithm to compute a messa[...]
Used in this way the DES algorithm is a powerful tool; it is almost impossible to meaningfully modify the data
and still have it produce the same MAC for a given key. The standard [...] passwords, and computer programs.

After the MAC has been computed, it is sent with data. [...] to recompute the MAC; the system then compares
this result [...] of course, change both the data and the MAC; therefore, the key that is us[...] between the
MAC's originator and the MAC's authenticator.

An alternative approach to data integrity checking uses a standard key value and multiple iterations of the DES
algorithm to generate a modification detection code (MDC). [...] be received from a trusted source. The person
who wants to authenticate the data [...] the result with the MDC that was sent with the data.

Because the DES algorithm has been used for many years, its strength has been demonstrated. Both software
and specialized hardware can implement the DES algorithm. A hardware solution is often desirable for the
following reasons:

* the algorithm requires many computer instructions to be processed

* the keys must be protected so that they can remain secret

* performance can be [...]

If a data security threat comes from an external source, a software implem[...] be sufficient; unfortunately,
however, much fraud originate[...] specialized cryptographic hardware can be required to protect against both
insider and outsider data security threats. Well-designed hardware can do the following:

* ensure the security of cryptographic keys

* ensure the integrity of the cryptographic processes

* limit the key-management activities to a well-defined an[...]

The DES algorithm, which has been proven to be efficient and strong, [...] remain secret. Because the same key
is used both to encipher the data and to decipher it, [...] be symmetric; it uses a symmetric key.

In another type of cryptographic process, an asymmetric process, one key is used to encipher the data, while a
different but corresponding key is used to decipher data to its original form. [...] is known as a public-key
system. The key that is used to encipher the data is [...] for deciphering the data is secret. For example, many
people who know a person's [...] to that person [...] knowing that only that person c[...] Public-key
cryptographic algorithms have been incorporated into processes for [...] for assuring data integrity, including
providing nonrepudiation by usin[...] techniques are discussed in more detail in the Meyer & Matyas text.

Public-key algorithms (e.g., [...] algorithm, by [...]) [...] even more [...] than the DES algorithm. The use
of a public [...] situations in which the [...] of the public-key algorithm [...]

In both the DES and [...] algorithms, no practical means exists to identi[...] key; therefore, keeping a key
secret at a cryptographic node is es[...] does not provide sufficient protection. If adversaries have access to
the cryptographic process and to certain protected keys, they could possibly misuse the keys and eventually
[...] must be in place to protect and distribute cryptographic keys in a sec[...]

Access control protects data by allowing only persons or programs with a legitimate need to access system
resources. [...] such as a file, selected records or fields in a file, a hardware device, or the computing
capab[...] Access control uses the following services:

* Identification and verification. Identification is the ability to use a unique name, label, or other
refer[...] each user or program to the system. Verification is the ability to provide proof that users [...]
what they claim to be. (Verification is also known as "authenticat[...]

* Authorization. Authorization [...] data sets, programs, or transactions. (Authori[...]

* Enforcement. Enforcement is a subsystem process of verifying the requester's authorization.

In systems that [...] multiple computers, it is increasingly necessary for persons or programs at one system
to be able to convince persons or programs at another sys[...] to this problem involve the following:

* using local access controls

* using cryptographic processing to ensure the authenticity of a process

* ensuring that the authorization information [...] confidential

Many computer pro[...]

[...] of integrated microprocessors. These microprocessors use stored programs to [...]

For example, the IBM 4755 Cryptographic Adapter is a d[...]gramming logic mounted on a printed circuit board.
Functions are housed within a tamper-resistant [...] area, for protection such as that discussed more fully in
U.S. Pat. No. 5,027,397, which is specifically incorporated herein by reference. The IBM 4755 is a component
of the IBM Transaction Secur[...]cation entitled Transaction Security System: General Information Manual and
Planning Guide (QAa4^ 1 87-0), U.S. Pat. No. 5,046,085, and U.S. Pat. No. 5,148,481, which are specifically
incorporated herein by reference.

Typically, [...] memory for the program; and volatile memory for data used by the pro[...] Memory (ROM),
Programmable Read Only Memory (PROM), or Erasable Programmable Read Only Memory (EPROM). Volatile memory is
typically a static or dynam[...] is removed.

New technology allows the design [...] in which the data can be changed, but the contents are [...] Several
technologies can be used to obtain these cha[...] (FEPROM) permits areas of memory to be erased
electron[...] and then reprogrammed. Electrically Erasable PROM (EEPROM) per[...] to RAM memory. Complementary
Metal-Oxide Semiconducto[...] and retains RAM contents when system power is off.

These newer kinds of memory can be used in two ways to [...]

First, if some or all of the microprocessor program is stored in nonvolatile reprogrammable memory, the program
can be changed after the product is ma[...] prevents product obsolescence and protects the manufacturer [...]

Second, data stored in the memory can control the configuration of the product. One such use is to selectively
enable or disable product features. In this way, the manufacturer can [...] of applications which need different
features. Users can be charged for an upgrade to enable new functions, which w[...] highly profitable to the
manufacturer since no new hardware has to [...]

There are many [...] of the total populatio[...] the underlying hardware or software, or it may be to restrict
the upgrad[...] the manufacturer may want to apply the upgrade only to de[...]

* a particular model number

* a manufacture date within a particular range of dates

* a particular version of software installed

* a certain range of serial numbers

* a specific combination of features

It is easy to see why this kind of flexibility is highly desirable [...] impediment to its use, however:
security.

Both the manufacturer and user want to be sure they have control [...] The manufacturer may want to make sure
only its programs are used, to ensure the programs meet quality and performance standards. The manufacturer may
also want to prevent anyone f[...] the data is that is being sent to the user. The user, on the other hand,
[...] are valid, and prevent any that might malfunction or [...] would be a "Trojan horse" program which would
normally operate [...] the user's security practices, or to divulge the user's secret informa[...]

Typically, there will be one source for all field upgrades to code or config[...] possible. For the purposes of
discussion, assume that the device [...] updates; and the device is a security adapter card, with a secured
area [...] The problem can then be described with two fundamental requirements:

First, data sent to the user must be kept secret. It must be impossible for anyone to discover or modify the
contents of the data.

Second, the user must be able to verify that the data came from the valid source (e.g., the manufacturer). This
is a form of nonrepudiation.

SUMMARY OF THE INVENTION

The present invention overcomes the disadvantages and limitations of the rela[...] method for secure
distribution of software, software updates, and configuration data. Cryptography is used to protect software or
data updates sent to computer products or periph[...] In the preferred embodiment the contents of the data
cannot be read by anyone [...] accepted unless it is unmodified and originated with the valid source.

An advantage of the invention is to provide an apparatus and method for secure distribution of software,
software updates, and configuration data.

Another advantage of the invention is to provide an apparatus and method where[...] the configuration of a
product so as to selectively enable or disable prod[...]

Yet another advantage of the invention is to provide an apparatus and method wherein data stored in memory
controls the acceptance or rejection of proposed data for a product.

The foregoing and other advantages of the present invention w[...] technology in view of the accompanying [...]
description of the invention, and appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting a computer system and associated cryptographic s[...]ment of an embodiment
of the cryptographic system is broken out.

FIG. 2 is a block diagram of an embodiment of the invented apparatus for secure distribution of software,
software updates, and configuration data employing public key cryptogra[...]

FIG. 3 is a flowchart of an embodiment of the invented method for secure distribution of software, software
updates, and configuration data employing public key cryptography.

FIG. 4 is a block diagram of an embodiment of the invented apparatus for secure distribution of software,
software updates, and configuration data employing public key cryptography and symmetric key cryptography.

FIG. 5 is a flowchart of an embodiment of the invented method for se[...] and configuration data employing
public key cryptography and symmetric key cryptography.

FIG. 6 is a depiction of criteria [...]

DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring now to FIG. 1, a computer or computer system 10 is shown which includes a cryptographic system 12
comprising a microprocessor 14, memory 16, and cryptographic functions 18 mounted upon a device or adapter card
20. The microprocessor, memory, and cryptographic functions are housed within a [...]

As shown in FIG. 2, a public key KPU is installed in the adapter card 20. Cryptographic system 12 includes the
public key algorithm (e.g., RSA). The corresponding private key KPR would be held by, for example, the adapter
card manufacturer, in a secure, secret manner so it would never be disclosed outside the manufacturer's
organization. Preferably, the data is protected twofold:

First, as shown in FIG. 2, data D is encrypted by a public key cryptographic system 24 using the private key,
KPR, or as shown in FIG. 4, data is encrypted by a symmetric key cryptographic system 2S using the sy[...]
provides the necessary secrecy; the data content cannot be determined by anyone interce[...]ification to the
encrypted data will render it invalid.

Second, in FIGS. 2 and 4, a digital signature on the data is [...] digital signature generat[...] can be a
component [...] cryptographic function [...] 18 include both a public key cryptographic [...] signature proves
that the data has not been altered since its creati[...] the manufacturer [...]

Two embodiments of the invention are described below.

LtewTQWThrptAfetevorvntoffBp^ 

The first four steps in FIG. 3 are performed by the manufacturer [...] remaining steps are performed by the
user to load the data into the adapter card.

The manufacturer first generates the data to be loaded into the adapter cards in step 100. This data is de[...]
D. The manufacturer already possesses private key KPR, and the correspond[...] card manufactured. The key KPU
[...] be embedded in the adapter card, or [...] other medium if it is protected against substitution (e.g., by
a certificat[...] in order to maintain integrity of the loaded data [...]

In step 110, the manufacturer computes a signature on the data D using the priv[...] digital signature is
optional. Its use enhances the ability to prove [...] successfully without a signature. The digital signature
function is represented as [...] before the data is accepted by the adapter card, assuring it came from the
manufacturer in this ca[...]

In step 120, the data D is encrypted using the private key algorithm with key KPR. This protects the data from
disclosure or modification prior to its installation in the adapter [...] algorithm, such as the RSA algorithm.
[...]

The manufacturer, in step 130, sends the encrypted data plw(D) and the digital signature [...] through any
[...] information, and loads the data and signature into the secured area of the adapter card in step [...]

In step 150, the adapter decrypts the data using the public key KPU, recovering the clear data D. [...] step
160, the digital signature is verified using the same [...] has been [...] the information is discarded, step
170.

Only the private key KPR needs to be kept secret. The public key KPU is present in [...] there is no security
exposure if its value is div[...] The nature of the public key algorit[...] key cannot be determined from the
public key, and that valid data cannot be generated [...] alone.

'^TtfWPl^hfflTft^pvngnBtrfcii ^ 

Alternatively, the data can be encrypted using a symm[...] public key algorithm used [...] with current
tech[...] than [...] key algorithms, so this method is [...] each time new data is produced.

[...] step 210, a random sym[...] manufacturer's [...] the private key KPR.

In step 230, the manufacturer computes a [...]ing the symmetric key algorithm with key KS. Th[...](D) are [...]
sent to the user in step 250.

In step 260, the data is received at the user site where [...] secured area of the card. [...] contains [...]
the public key algorithm. In step 280, the recovered KS is used to decrypt the data using the symmetric key
algorithm.

In step 290, the digital signature is verified using KPU in order to verif[...] the adapter card and enabled
for use, step 310. Otherwise, the data is dis[...] calculations are preferably performed inside [...] is
recovered and verified.

With either method described above, other [...] An MDC, cyclic redundancy check (CRC), or any other valid
checking code could be calculated over the data and appended to the data before it is encrypted. Once the data
has been decry[...] the value could be verified against the recovered data. If it verifi[...] the private key
KPR.

Use of information in the data as decision criteria

Once the data has been loaded into the adapter card, the decis[...] can be made a function of information
and/or instructi[...] In one embodiment, software contained in the devic[...] information already contained in
the dev[...] Examples of such basic information include:

* serial number

* model codes

* date of manufacture

* version of software currently installed

* codes describing installed or available features

The basic information in the device is stored in memory (includ[...] hard[...] loadable software). The criteria
information is preferably included in the data in tabular form, for example, as shown in FIG. 6. The data, and
therefore the criteria information, is securely di[...] sections herein. Control software within the device
[...]mation in order to decide whether to apply the data.

The pseudocode in Table 1 is an example of how the criteria information from [...] Each item in the table would
be compared with the appropriate basic informa[...] the comparisons would be used to dete[...]

TABLE 1 



Load_Permitted = FALSE;
If SN_Min <= SN <= SN_Max then Do;
  If DT_Min <= DT <= DT_Max then Do;
    If Min_HW_Lvl <= HW_Lvl <= Max_HW_Lvl then Do;
      If Min_SW_Lvl <= SW_Lvl <= Max_SW_Lvl then Do;
        Get Feature_Vector;
        If all Features_Required features are present then Do;
          If no Features_Prohibited features are present then
            If Model_List is empty then Load_Permitted = TRUE;
            Else do While Model_List not empty;
              Get Test_Model from head of Model_List;
              If Test_Model = model of this device
                then Load_Permitted = TRUE;
If Load_Permitted = TRUE then load data to memory;
Else Abort loading process



* SN_Min and SN_Max are the lowest and highest serial
numbers the device can have for the data to be
valid. In the pseudocode in Table 1, the serial
number for a specific device is designated SN.

* DT_Min and DT_Max are the earliest and latest dates
the device can have for the data to be valid, e.g.,
the manufacturing date, the microcode creation date,
or some other date code. Several different dates
could be compared if desired. In the pseudocode in
Table 1, the date code for a specific device is
designated DT.

* Min_HW_Level and Max_HW_Level are the lowest and
highest hardware levels the device can have for the
data to be valid. This represents the version of
hardware in the device. HW_Level is used in the
pseudocode to represent a particular device's
hardware level.

* Min_SW_Level and Max_SW_Level are the lowest and
highest software levels the device can have for the
data to be valid. This represents the version of
software in the device prior to application of the
data. SW_Level is used in the pseudocode to
represent the particular device's software level.

* Features_Required and Features_Prohibited are
vectors of boolean values. They represent the
features the device must have for the data to be
valid, and the features the device must not have for
the data to be valid. In the pseudocode,
Feature_Vector represents a vector of boolean values
representing the features present in a specific
device.

* Model_List is a list of product models which are
valid targets for the data. An empty list can be
used to indicate that the data is valid for all
models. Otherwise, the device looks for its own
model code in the list; if it is not present, the
data will not be applied.
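
The acceptance test of Table 1, written out in Python as an added example (it is not part of the patent text). The criteria fields are named after the table; the DeviceInfo and Criteria classes, the integer date code and all sample values are constructed for illustration, and the criteria are assumed to have been decrypted and verified already, as described in the earlier sections.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class DeviceInfo:
    """Basic information already held in the device (constructed field names)."""
    sn: int                            # serial number
    dt: int                            # date code; YYYYMMDD integer is an assumption
    hw_lvl: int
    sw_lvl: int
    model: str
    feature_vector: Tuple[bool, ...]   # features present in this device


@dataclass(frozen=True)
class Criteria:
    """Criteria information carried in the data, named after Table 1."""
    sn_min: int
    sn_max: int
    dt_min: int
    dt_max: int
    min_hw_lvl: int
    max_hw_lvl: int
    min_sw_lvl: int
    max_sw_lvl: int
    features_required: Tuple[bool, ...]
    features_prohibited: Tuple[bool, ...]
    model_list: Tuple[str, ...] = ()   # empty list: valid for all models


def load_permitted(dev: DeviceInfo, c: Criteria) -> Tuple[bool, str]:
    """Return (decision, reason); every failed or malformed check denies the load."""
    ranges = (
        ("serial number", c.sn_min, dev.sn, c.sn_max),
        ("date code", c.dt_min, dev.dt, c.dt_max),
        ("hardware level", c.min_hw_lvl, dev.hw_lvl, c.max_hw_lvl),
        ("software level", c.min_sw_lvl, dev.sw_lvl, c.max_sw_lvl),
    )
    for name, low, value, high in ranges:
        if not low <= value <= high:
            return False, f"{name} out of range"

    # The three boolean vectors must describe the same feature positions.
    n = len(dev.feature_vector)
    if len(c.features_required) != n or len(c.features_prohibited) != n:
        return False, "feature vector length mismatch"
    if any(req and not have
           for req, have in zip(c.features_required, dev.feature_vector)):
        return False, "required feature missing"
    if any(bad and have
           for bad, have in zip(c.features_prohibited, dev.feature_vector)):
        return False, "prohibited feature present"

    # An empty Model_List means the data is valid for all models.
    if c.model_list and dev.model not in c.model_list:
        return False, "model not listed"
    return True, "ok"


# Constructed sample values, not taken from the patent.
SAMPLE_DEVICE = DeviceInfo(sn=1500, dt=19950301, hw_lvl=2, sw_lvl=3, model="M2",
                           feature_vector=(True, False, True, False))
SAMPLE_CRITERIA = Criteria(sn_min=1000, sn_max=2000, dt_min=19940101, dt_max=19951231,
                           min_hw_lvl=1, max_hw_lvl=3, min_sw_lvl=2, max_sw_lvl=4,
                           features_required=(True, False, False, False),
                           features_prohibited=(False, True, False, False),
                           model_list=("M1", "M2"))

if __name__ == "__main__":
    print(load_permitted(SAMPLE_DEVICE, SAMPLE_CRITERIA))
```

The function denies the load on the first failed comparison and on mismatched vector lengths, so a malformed criteria table can never enable an update.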



In an alternative embodiment [...] itself contain special software (check[...] and therefore the checking
software, is securely distributed in the manner described in the previous sections herein. This checking
software is not a part of the operational software used in the everyday application of the device. The
additional checking software may be [...] and it determines whether the data should be applied. The sam[...]
instructions to prepare the device for the new software [...]



TABLE 2 



If checking software present in the data then Do;
  Load checking software;
  Verify checking software is valid;
  Abort if invalid;
  Execute checking software;
  If result = "ok to load data" then Do;
    Get data;
    If data is valid
      Then load data to memory;
    Else abort



This embodiment is more flexible than the first em[...] the initial device designer. Function can be added with
an[...] operation [...] embodiment ca[...] permanently stored in the device, with additional functi[...]

The function performed by the checking software [...] would typically be similar to those described for the
first em[...] deemed necessary by the designer.

A similar approach can be used to provide optional softwa[...] loaded. This could perform initialization
necessary to prepare the updated device to [...]

Of course, many modifications and adaptations to the present inv[...]ing from the [...] of this invention.
Further, some features of the p[...] use of other features. Accordingly, this description should be
con[...] present invention and not in limitation thereof.

Fui Bienme dfaitoted Ik 

[...] conveniently enabled or disabled, said method including the steps of:
providing mem[...]

executing a program which requires specific info[...]
features of the system; and

updating the specific information with data decry[...]

2. The controlling method of item 1 including the additional steps of:
encrypting the data at the other computer system under a [...]
decrypting the data within the secured area with a second key of the pub[...]

3. The controlling method of claim 22 including the additional steps of:
generating a symmetric key for use with a symmetric crypto[...]
encrypting the data under the generated symmetric key;
encrypting the generated symmetric key [...]

transferring the encrypted data and the encrypted symmetric key to a processing system which is located within
the secured area;

decrypting the received symmetric key within the secured area [...]

decrypting the received data within the secured area under the decrypted symmetric key with a symmetric
cryptography algorithm; and

storing the decrypted data in said memory.

4. The loading method of item 3 wherein

the first key is a private key used with said public key encryption system.

5. The loading method of item 3 or 4 wherein

the second key is a public key used with said public key encryption system.

6. The controlling method of one of items 1 to 5, wherein

the executed program is included in the data originating from th[...]

7. The controlling method of one of items 1 to 6 wherein said spe[...]
following:

serial number of the computer system;

model number of the computer system;

date of manufacture of the computer system;

version of software currently installed in the computer system; and

codes describing installed or available features.

8. The controlling method of one of items 1 to 7 wherein

the features of the system are related to software updates included in the data originating from the other
computer system.

9. A method of securely controlling the enablement of data loaded in mem[...]
said method including the steps of:

providing information within said memory representing at least one ch[...]
providing criteria information within said data to be [...]
comparing said criteria information with said at least one characteri[...]

enabling said data to be used within said device if said at least one ch[...] information.

10. The controlling method of item 9, wherein

at least some portion of said comparing step is performed in accordance with inst[...]

11. The controlling method of item 9 or 10, wherein

said characteristic information corresponds to at least one of the fol[...]

serial number of the device;

model number of the device;

date of manufacture of the device;

version of software currently installed in the device; and

codes describing installed or available features.



1. A method of transferring data into a secured area, said method including th[...]
encrypting (120) said data under a first key of a public key encryption system (24);
transferring (130) said encrypted data to a processing system which is located wi[...]

decrypting (150) said received data within said secured area with said public key encryption system (24) under
a second key; and

storing said decrypted data within said secured area.

2. The method of claim 1, wherein

said transferring data into a secured area is a loading data into at least some portion of memory which is
located within said secured area and
said secured area is protected from physical and [...]tion of said transferred data.

3. A method of loading data into at least some po[...]
protected from physical and direct elect[...]
data, said method including the steps of:

generating (210) a symmetric key (Ks) for use with a symmetric cryptography algori[...]
encrypting (240) said data under said generated symmetric [...]
encrypting (220) said generated sym[...]

transferring (250) said encrypted data and said encrypted symmetric key (Ks) to a processing system which is
located within said secured area;

decrypting (270) said received symmetric key (Ks) [...] said secured area with a second key of said public key
(Kpu) encryption system;

decrypting (280) said rec[...]metric cryptography algorithm; and

storing said decrypted data into said at least some portion of [...]

4. The method of one of claims 1 to 3, wherein

said first key is a private key (Kpr) used with said pub[...]

5. The method of one of claims 1 to 4, wherein

said second key is a public key (Kpu) used with said public key (K[...]

6. The method of one of claims 1 to 5, wherein

said public key (Kpu) is stored within said secured area.

7. The method of one of claims 1 to 6 further including the step of:
adding a code to said encrypted data which is to be trans[...]ticating said encrypted data.

8. The method of claim 7 wherein

said code is selected from said group consisting of a di[...]
cyclic redundancy check (CRC).

9. The method of claim 7 or 8 further including the step of:
authenticating said decrypted data; and

enabling said decrypted data to be used if said decrypted data is authentic [...]
data.

10. A system for securely holding data, said system comprising:

memory means located within a secured area which is protected from physic[...]

means for providing a public key (Kpu) within said secured area;

means within said secured area for receiving dat[...]

means within said secured area for decrypting (150) said rece[...]

11. The system of claim 10 wherein

said decrypted data provides a symmetric key (Ks).

12. The system of claim 11 including:

means within said secured area for receiving data encrypted by a symm[...]
(Ks);

means for decrypting (280) said data under said symmetri[...]
key (Kpu); and

means for storing said symmetric key decrypted data in said memory m[...]

13. The system of one of claims 10 to 12 further including

means for analyzing a code received by said system to authenticate said data re[...]

14. The system of claim 13, wherein

said code is selected from said group [...] (MDC), and a
cyclic redundancy check (CRC).

15. A method of securely controlling the configuration of a comp[...]
be conveniently enabled or disabled, said method [...]

providing memory which is located within a secured area which is protected from physical and direct electrical
access;

executing a program which requires specific information to be stored in said memory to permit the use of
specific features of said system; and

updating said specific information with data decrypted from encrypted data originating from another computer
system.

16. A method of securely controlling the enablement of data loaded in memory w[...]

method including the steps of:
providing information within said memory representi[...]

providing criteria information within said da[...]

comparing said criteria information with said at least one characteristic; and
enabling said data to be used within said device if said at least one characteri[...]

FIG. 5